Starting Tuesday, June 8, 2021, Two-Step Login for Office 365 will be required for emeritus and retired faculty and retired staff accounts.

How the Change Will Affect Users

Those who have recently retired from Cornell may already be familiar with Two-Step Login from accessing resources like Faculty Center or Canvas before their retirement. Two-Step Login protection for Office 365 uses a very similar process.

Over ten thousand Cornell Office 365 users have already transitioned to using Two-Step Login without issues.

Those unfamiliar with the service should visit Two-Step Login for general information. For details about the upcoming change, visit Before You Start Using Two-Step Login with Office 365.

Two-Step Login will not increase how often users need to log in to Outlook -- it simply adds an additional authentication step when they do. Because Office 365 remembers a user who connects regularly via the same app on the same computer or mobile device, many will rarely, if ever, actually need to log in and re-authenticate with Two-Step Login. (An example of when someone might would be when installing a fresh copy of the software.) Nonetheless, Two-Step Login is still providing its extra protection against malicious users.

For those who use Outlook on the web, if they usually need to sign in there, then they will also be prompted to complete Two-Step Login as well.

Is There Anything Special You Need to Know?

Those who access Cornell email using one of the following methods will need to take extra steps to ensure email access transitions smoothly.

iOS Devices

Those using the iOS Apple Mail and Calendar app to access Cornell email may need to refresh account settings. Follow the instructions to Configure the Apple iOS Mail and Calendar App for Use with Two-Step Login.

Unsupported Email and Calendar Clients

Cornell only supports email and calendar apps from Microsoft and Apple for Two-Step Login. While other apps, such as Gmail for Android or Thunderbird, may continue to work if configured carefully by experienced users, users are encouraged to switch to a supported client. Review the list of supported clients at Before You Start Using Two-Step Login with Office 365.

SMTP and IMAP/POP Protocols

Those who use IMAP/POP or SMTP protocols to connect to Cornell email should know that the most common Basic authentication method to send or read email is not compatible with Two-Step Login. These users will need to take steps to use an OAuth2-supported email client configured for an Exchange account. For this reason, users are encouraged simply to switch to a supported client as detailed at Before You Start Using Two-Step Login with Office 365.

Office 2013 and Older

On Windows and macOS, users need to have Office 2016 or later to be compatible with Two-Step Login.

Forwarded Email

Those who only forward Cornell email to another email service and do not connect directly using Office 365 / Outlook will not be affected by this change unless they need to log in to change forwarding settings.

Can You Opt-in to Two-Step Login for Office 365 Proactively?

Yes! Users can enable Two-Step Login for Office 365 in advance of the June 8 deadline by following the steps described at Opt-In to Two-Step Login for Office 365. Then, they can test the process as described at Test Two-Step Login for Office 365.

Questions or Concerns

For issues using Two-Step Login for Office 365, contact the IT Service Desk for assistance.